Death Twitches: Nokia Caught Wiretapping Encrypted Traffic From Its Handsets

Nokia, the cellphone manufacturer, has been listening in to all encrypted communications from its handset’s browser. Every connection advertised as secure – banking, social networks, dating, corporate secrets – has been covertly wiretapped by Nokia themselves and decrypted for analysis.

Security researcher Gaurang Pandya posted an article in December about some unexpected behavior with their Nokia handset. It would appear that the browser traffic from the handset would get diverted through Nokia’s servers.

Then, a followup article on January 9 dropped the bomb, and the article goes into quite technical detail: It wasn’t enough that Nokia diverted all traffic from its handsets through its own servers, it also decrypted the encrypted traffic, re-encrypting it before passing it on, issuing HTTPS certificates on the fly that the Nokia phone has been instructed to trust as secure.

This means that Nokia has deliberately been wiretapping all traffic that has been advertised as encrypted on these Nokia handsets – including but not limited to banking, dating, credit card numbers, and corporate secrets – and looking at your secrets in cleartext.

This means that Nokia puts itself between your bank and you, and presents itself as YourBank, Inc. to your phone. This wouldn’t normally be possible, if it weren’t for the fact that the phone had been specifically designed for this deceptive behavior, by installing a Nokia signing certificate on the phone.

Nokia has confirmed this behavior in correspondence with TechWeek Europe (my highlights):

“The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value […blahblah…] when temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner”, a Nokia spokesperson told TechWeek Europe.

The issue affects at least the Nokia handsets with Nokia’s own browser, the Nokia Xpress Browser mentioned above.

So why is this a big deal?

It is a big deal because banks rely on having a secure connection all the way to you. As do corporate networks. As do news outlets’ protection of sources. Anybody listening in to the conversation in the middle breaks the whole concept of secrecy – and the phone was specifically designed by Nokia to allow Nokia to listen in without telling you.

My, my. Secure connections are presenting themselves as secure end-to-end, and a handset manufacturer breaches this most basic of trusts? We’d have a very hard time trusting a company that says “yes, we’re listening to all of your encrypted communications, yes, bank passwords and dating habits and all of it, but we’re not doing anything bad with it. No, really.”

If Nokia was in trouble over its handset sales already, this complete breach of trustworthiness has to be a death twitch.

UPDATE 1:[obsolete with Update 2]

UPDATE 2: Well, that was fast. Pandya has updated his original article where he discovered this so-called Man-in-the-Middle attack, stating that Nokia has pushed out a new version of their browser which removes the Man-in-the-Middle attack – the wiretapping of encrypted communications – from the browser’s behavior. Apparently, it took being caught with the hand in the cookie jar to stop this behavior in just hours.

You still have to remind yourself, though – if they can turn this wiretapping off with a simple browser update after having been discovered doing it, there’s not much stopping Nokia from turning it on just as silently again at some point in the future, is there?

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.

Discussion

Roman

January 11, 2013

I would have thought that anyone performing a MITM attack without my knowledge or consent is committing a criminal offence/felony… is that not so?

Caleb Lanik

January 11, 2013

That’s a good point, if I performed MITM attack on Nokia’s encrypted information, I imagine that they wouldn’t be expected to take my word for it that I didn’t do anything untrustworthy with it.

netsec guy

January 11, 2013

SSL interception is standard fare. If you don’t trust the vendor why are you using their handset in the first place.

The whole point of using end-to-end encryption is that you don’t have to trust anybody. SSL interception is a breach of this, and I won’t be using anybody’s services that tries to present an eavesdropped connection as an end-to-end secure connection.

Adrian Roy

January 11, 2013

SSL interception, or any kind of MITM attack, against customers by their vendor is NOT standard fare. I don’t think I am overstating the fact when I say that it’s that exact level of trust which makes modern society function on a daily basis. People did trust the vendor because they had no reason not to. Now, of course, that’s a different story. But before this news broke, it was perfectly reasonable to think that Nokia wasn’t hijacking encrypted traffic from their customers.

Are you saying that everyone who used a Nokia handset before this was a fool and should have seen this coming?

Maybe I misread your comment. If I did, apologies.

Consumer

January 11, 2013

Yeah right and who are they going to sue? The Board should be fired and the operating executives sent to jail. The problem is that it ends up being a fine and just the cost of doing shady business. Until corporate executives are held accountable, responsible and fully liable this will continue. You think a fine and a strong talking to stopped Facebook? Think again. The same goes for all the companies that see us as sheep and behave with utter disregard for our health, welfare and privacy.

did you read browsers EULA at start? because their lawyers inserted clause for that case. so it might be something else but not wiretapping without your consent.

Tomas Radej

January 11, 2013

Hi, this is a helpful article, but it is wrong for two reasons:

a) This issue affects only handsets with the Xpress browser. Not all Nokia handsets feature this browser. Lumias, for example, have Internet Explorer.

b) The article you link to specifically says that when browsing with Opera mini, the same occurs, but « with Opera’s servers ». That means that the behavior is browser specific. Opera is known to be compressing browsing data in its Mini browser for a long time.

Please, fix the article.

Roman

January 11, 2013

I’ve been using Opera Mini and I don’t remember *ever* being told that my HTTPS connections are actually faked. How idiotic; every website must now tell you about cookies, but this? This one’s totally fine!

I didn’t claim that it affected all Nokia handsets – that wasn’t necessary to make the point. It was Nokia’s behavior that I pointed out, and that behavior is inexcusable whether it affects one single handset or all of them. But I added a small clarification that it affects at least those with the Nokia Xpress Browser.

I have no data on Opera decrypting SSL connections and doing man-in-the-middle attacks, so I won’t state that. Proxying is one thing, decrypting secure traffic and deceptively presenting as end-to-end secure something completely different.

Opera mini does that. Opera mini doesn’t render HTML, it renders OML (opera markup or something like that), which is generated by Opera servers VIEWING webpages for you and then sending you back highly compressible OML. OML is sent to you encrypted whether you visited an https or plain http site. So the benefit is that your facebook cookies cannot be stolen on an open wifi plus you get lower bandwidth costs on 3G. The downside is of course that opera sees your PayPal password etc. BUT I think Opera doesn’t try to hide that fact although I might be mistaken. Opera Mobile on the other hand (their other mobile browser) has this behavior turned off by default and even if you do turn it on I’m not sure if it applies to https too, it probably does though).

From the link above it would seem that Opera won’t actually let you use HTTPS / SSL while using Opera Mini. It does encrypt / compress data coming to your phone but if you want to use HTTPS it suggests Opera Mobile instead.

— EXCERPT—
Is there any end-to-end security between my handset and — for example — paypal.com or my bank?
Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the webpage. Therefore no end-to-end encryption between the client and the remote web server is possible.

If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.
— EXCERPT—

Jordan

January 11, 2013

I posted this in reply to another comment but figured I’d try and clear up the difference between Opera Mini and Nokia’s solution.

From the link above it would seem that Opera won’t actually let you use HTTPS / SSL while using Opera Mini. It does encrypt / compress data coming to your phone but if you want to use HTTPS it suggests Opera Mobile instead.

— EXCERPT—
Is there any end-to-end security between my handset and — for example — paypal.com or my bank?
Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the webpage. Therefore no end-to-end encryption between the client and the remote web server is possible.

If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.
— EXCERPT—

Peter Harrison

January 11, 2013

In no obvious way have you clarified that this is only for a specific Nokia based browser – you’ve said it affects “at least” that browser. This whole article is designed to be misread by reactionary folks, posted on Reddit and to gain yourself views and revenue on your website. If this is not the case please rewrite it properly specifying through out that this is on the Xpress browser only and show us that you aren’t just trying to mislead people.

If you see something you don’t like, contribute with something you do like.

Cheers,
Rick

jim

January 11, 2013

agreed, it’s total reactionary bull. There are plenty of reasons to do this without there being any malicious intent.

serving cached local storage copies, compressing the page data between transmission….many many reasons why this would be happening.

if you’re that concerned about your privacy that this is quite as alarming as you’re making out – why on EARTH would you use a browser that goes via 3rd party servers in the first place. ALL these systems do a certain amount of “snooping” – that’s how they do their job – giving you the page faster than normal.

Sten

January 13, 2013

@Rick

“Net rule #1:”

Where is the source in regards of these rules and what is rule #2?

Burz

January 11, 2013

Tomas, your claims have been addressed by the author. Please, fix your comment.

“However, because the connection from the mobile client to the server is also encrypted, there is no place except in our data centre where user data are transmitted unencrypted. If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.”

Björn Persson

January 11, 2013

Well I disagree on the terminology. I wouldn’t call this a man-in-the-middle attack, it’s more like spyware phoning home. The browser is programmed to connect to Nokia’s proxy instead of the server that the user tells it to connect to. It’s software installed in the device that contacts its masters and reports on what the user is doing. That’s spyware by my definition. If the browser had actually tried to connect directly to the server, and Nokia had been able to intercept and decrypt the traffic anyway, then it would have been a man-in-the-middle attack.

Techguy

January 11, 2013

Hey Rick,

I guess you aren’t that great on tech stuff so listen. The Nokia Express Browser clearly states on the first start up that all traffic will pass through Nokias servers to enable the web content compression due to decrease loading times of heavy web content web sites. So if you don’t understand that all traffic goes through the servers and are processed by them don’t use the browser since it’s optional.

“wiretapped by Nokia themselves and decrypted for analysis” Hyperbolic much? This story of course is relevant to discuss from a privacy point of view, but your intro is just purely misleading. I haven’t worked with this service in particular, but standard procedure for sensitive data like this (and phones and phone calls generate a lot of such… and yes we do have designated privacy and security architects who review stuff for compliance) is to store all such sensitive data securely in /dev/null immediately. It should never be stored to disk, only RAM, and the suggestion that someone is analyzing it is just plain false! The criticism that there should not be a man-in-the-middle anyway is of course appropriate, but saying that data is specifically “decrypted for analysis” is just bad sportsmanship here. Also, you yourself now distract people from understanding the real issues you might want to highlight, I’ve listed them below.

So yes, this kind of browser works with a proxy, which modifies the http(s) traffic to optimize for bandwidth. So for someone who understands how the technology works it’s kind of obvious that https traffic has to be decrypted. I don’t live in India and never owned an Asha phone, so I don’t know if this is communicated well to consumers who use these phones. Note that this is not an issue with “real” smartphones like Windows Phone, Symbian or Meego. (Last two of which contain “Nokia’s own browser” and do not use any proxy service like this.)

So for me it’s a bit surprising that techies like you and other bloggers are so up in arms on this story. How else did you expect a solution like this to work? We are talking about phones that cost less than 50 dollars to buy. They really don’t have what it takes to process real web pages, unless a helpful proxy first decreases image quality, throws away most of the css and javascript, background images, and so on. This proxy solution is what enables people in the 3rd world to experience the internet at all.

Still, there are a few valid points that are worth shouting about. If you’d cut down on the hyperbole people will have an easier time understanding what they are:
– if the average end user thought his https connection is still secure, then there has not been sufficient communication about this. For example, the browser could show a notification the first time https is used. (Like I said, I have no idea if anything like this is done or not.)
– Asha phones are bought by people who live in Syria, Iran, Saudi-Arabia… You can probably take it from here now…

But in the end, it’s important to be realistic here. These phones are used in places where they are very likely the only way for a family or a whole village to connect to the internet. Btw, the average Asha user doesn’t have a bank account – just to give you some perspective. But if they do, they basically have a choice now of no online banking, or half-way-https online banking. Guess which one they will choose?

Dating otoh is a popular use case for Nokia phones all over the world, rich and poor

Henrik Ingo, Finland
(Unless it was obvious, I happen to work for Nokia but I have no particular need to defend my employer. I don’t work on the xpress browser project, not even in the same business unit. I find that connecting 3rd world people to the internet for the first time in their lives is probably one of the best things my employer does in this world.)

…is to store all such sensitive data securely in /dev/null immediately. It should never be stored to disk, only RAM, and the suggestion that someone is analyzing it is just plain false!

From the linked article, Nokia says itself:

Websites accessed

The URLs of such sites which you access with the Nokia Browser are stored by Nokia.

I’d say this qualifies as “analyze”. At least, there would be no point in storing them as stated if some aggregate data wasn’t collected at some point for technical optimization of the service, and this would definitely qualify as “analysis”.

Cheers,
Rick

Anonymous

January 11, 2013

don’t be simple

there are PLENTY of reasons to store it – completely anonymously – for speed optimisation , malware detection, compression, metrics, many MANY reasons

Ok. Assuming that is also the case for the https encrypted traffic (an it could of course easily happen unless specifically exempted) then that is certainly a mistake in process. And for this specific item, I will concede your “so-called-hyperbole” is appropriate then.

I should also correct myself on another point: Reading the original article more closely, it seems Nokia re-encrypts the traffic between proxy and browser. That is of course great news security-wise (well, at least it’s something…) especially for people living in countries where they can’t trust their own GSM network.

Indeed – the re-encryption (posing as end-to-end crypto from the original website, and being able to do so by having its own cert installed on the phone) was the whole deal, meeting the definition of a man-in-the-middle attack.

Cheers,
Rick

Trizt

January 11, 2013

I do blame the Norwegians as I did with the doping bust in the Lahti Skiing World Championship in 2001:

Opera told TechWeekEurope HTTPS traffic over the Mini browser does go through its own data centres unencrypted. “The encrypted SSL session is established between the Mini server and target web server,” a spokesperson explained. “However, because the connection from the mobile client to the server is also encrypted, there is no place except in our data centre where user data are transmitted unencrypted. If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.”

This article is a bit misleading in that it suggests that it affects all data on all Nokia handsets. It makes pretty much no effort to say a few handset models where users use the Xpress Browser as their browser of choice..

Pinjata

January 13, 2013

This is a clear case of bad company ethics and we really can’t say how deep it goes. Nokia has admitted they are doing this on a few handset models but can we trust them not to do the same thing to other handsets/products?

Anonymous

January 11, 2013

and the most worrying thing is that NO ONE WILL DO ANYTHING AGAINST NOKIA FOR CARRYING OUT THIS SPYING! i’ll bet it has been done under the influence of the US government and/or law enforcement, like so many other things today.
imagine if it were an ordinary person doing something even remotely like ‘eaves dropping’ practices. they would be locked up for 1,000 years, the key would be dumped in the deepest ocean and they would never be heard from or of again!!!

Ano Nymous

January 11, 2013

Actually, the most worrying thing is that almost nobody will care until it affects them personally, and then it is too late.

Some trying to shoot the messenger! So information is being released how ALL communications are being ILLEGALLY intercepted, decrypted, and then fraudently certified as secure and you want to argue with the people telling you about it; not the criminals who broke into ur house to photocopy ur bank accounts, passwords, bug ur rooms, and otherwise sniff your underwear!?
I would guess some of those posts are from paid trollz, hacks that the corps have…

Peter J Lennartsson

January 11, 2013

If you give your consent for someone to read your data, how is it illegal?

If you give me your credit card and you pin number, so I can withdraw money for you when I go to town. Just so you can save money on gas not having to go yourself.

Don’t start yelling at me afterwards for knowing your pin number. You gave it to me so you could save money on traffic charges. Not much difference here.

harveyed

January 12, 2013

It is more like someone giving you unopened packages to take into town, and you open the packages for “logistics reasons” or whatever – something that you have not informed your friends about. And in some of the packages you find sensitive bank information. Clearly if someone found out you did this, they should immediately stop asking for your “help” doing so.

Peter J Lennartsson

January 12, 2013

that is not the same at all .

Its more like

“someone giving you unopened packages to take into town” and tell you that the address and all the information you need to send it is inside. So please open it do send the package for me ..

Then you get mad if they saw sensitive data in the package you told them it was okay to open, and was needed to do to help you.

clearly if someone put sensitive data in a package they tell someone they should open , and this data is discovered, the “someone” leaving the package is the fool , not the one helping out.

harveyed

January 18, 2013

So where does it clearly state that the packages are to be opened?

foonly

May 23, 2013

In the EULA you agreed to. Never owned an Asha phone, but I’m pretty sure that’s the correct answer.

It’s called SSL bridging and is used very frequently in networks to aid in compression, content/packet filtering, caching and in some cases even malware detection (just because it’s HTTPS doesn’t mean that the site/cert is legit anyways).

The article neglects to point out that many companies do this on their corporate network and is nothing new. I wouldn’t label this as a conspiracy more-so than just one of the choices to deliver content faster over high latency connections. I wouldn’t be surprised if all network carriers had some sort of inline SSL bridge to conserve bandwidth to accommodate the influx of smartphone/wireless internet devices.

Pinjata

January 13, 2013

It’s still a bad or even possibly illegal behavior if many companies do this. The end user assumes the communication is secured when using HTTPS.

Unless the browser (or any other application) clearly states that the communication isn’t secure is this acceptable.

Anonymous

January 11, 2013

Please don’t defend evil doers.There is no reason to decrypt unless to decypher the contents. They certainly could let it pass through secure. Why oh why would you give a greedy corporation the benefit of the doubt?!!? they are systemically corrupt! Why that is the very nature of the legal fiction of the corp, to prevent liability. Oh the corporation did it! People can’t be held liable for what some nebulous entity did right?! That’s the whole point and you are defending them for no good reason!

[…] can have confidence that his message cannot be eavesdropped en route. “It is a big deal,” says Rick Falkvinge (the founder of the Swedish Pirate Party), “because banks rely on having a secure connection all […]

Wow Rick, i’m very dispointed
This is such a non story it is ridiculous. Of Couse the Xpress browser in t5he Asha phones, or in the Xpress browser in the Lumia phones if you chose to download it and use it, run your data through their servers. That is how the browser work

It is clearly described that the pages you visit on with this browser goes though Nokia servers, to be pre rendered to cut down on your bandwidth, then presented back to you. Anyone with half a brain understands that this data can be listened in to, monitored analysed to improve preformance. You also agree to it when you use this browser of these phones. You have to decrypt some data to be able to pre-render it, and then display it back to the user. How would you do it otherwise. How do you pre-render data you can’t read?

Of course Nokia admits this is happening, they have said that this is how it works from day one.
But it is done in a secure environment, on Nokia servers. It’s all up to the user to read on what the agree to, and choose to use this service or not . If you trust Nokia, you use it, otherwise you don’t. It’s that simple. It’s not much different then how the Ovi services worked with Nokia messaging that gave you push mail for normal IMAP servers, when you chose to run your e-mail through Nokia’s servers.

Either you take the risk and reap the reward of much lower bandwidth use, or you choose another browser and get a higher phone bill because of high data usage.

What’s the next big story ..the sky is blue?

Garfield loves lasagne, the big cover-up story of the cartoon world!!!!

This story is a non story that should never even been written, because there is no point to it, except a lot of hot air from people that are not familiar with how a service works. Probably because they have never used it or bothered to read the terms of service.

Please Rick focus on real news, not made up hyped up nothingness

harveyed

January 12, 2013

Well is it not good to educate the people about the amount of trust they put into a service, if they were clearly not aware of this?

Peter J Lennartsson

January 12, 2013

Well its good to educate people, if you yourself know what you are talking about. If you don’t it becomes just spreading false rumours, and you loose credibility

Nokia say clearly that they will decrypt Https traffic … it is written in the description and is not hidden in any way.

If you try to portray Nokia as shady company and that their trying to spy on their users without their knowledge , like in this case ..you are just being a liar.

If you use a service and ignore all the warnings and the whole description of if before you use it …. you are not aware .. but that is no excuse . The user needs to take responsibility of their own actions.

LittleGreenLeaf

January 12, 2013

“Well its good to educate people, if you yourself know what you are talking about.”

In theory, a very good idea, but in the real world of today, an utopian impossibility.

Many questions now often span so hughly diverse areas of explicit specialized knowledge, that it is almost impossible to find anyone with the “required” expertize in all of them.

And if highly tech savvy people like Rick and Oscar Swartz have not previuously been aware of this issue, it raises the obvious question, What about everyone else? All those who does not have neither their technical skill nor their interest and concern in infosec and privacy issues?

And while you maybe have a deep understanding about the technical inner workings of mobile phones, I would dare say, you are perhaps not so knowledgeable regarding the inner workings of the human mind and the human nature.

That is why we need to work constructively together!

So why not instead ask Rick if you can help him out in any way? For example supply him with the relevant explicit text and wording in the eula? Why not create a simple image that in a visual manner describes exactly what happens and how it happens, in terms that the everage “layman” can easily grasp and understand?

In all humility,

Pinjata

January 13, 2013

What you are saying is that security researcher Gaurang Pandya analysis was a waste of time because Nokia already admitted this was happening? Really?

If this was clearly states since day one why have Nokia decided to remove this intermediate processing?

Astroturfing much lately?

foonly

May 24, 2013

>If this was clearly states since day one why have Nokia decided to remove this intermediate processing?

Probably because of all the negative publicity it just received. It’s called “PR damage control”, and no, you can’t predict which of your actions will necessitate it.

Ano Nymous

January 11, 2013

I didn’t know if I should expect this kind of behaviour from Nokia. Now i do.

However, spying on smart-anything users is nothing new. If a technology is called “smart”, you should replace “smart” with “spy” and you will be closer to the truth. Smartphones, smart TVs, even some smart meters (electricity meters) and smart electric grids are used to spy upon their users.

Smartphones and pads are propably worst, as both of the two best selling operating systems – Apple iOS and Google Android – contain lots of spy functions, only some of which are documented in the privacy policies.

The problems are three:

One: People usually doesn’t read the policies and agreements.
Two: The people who do, or get the information from other sources, usually don’t care.
Three: Not every spy function is documented in the policies, for example the registering of GPS positions that Apple was doing some time ago.

I think some phone manufacturers also add their own spyware to the phones. I read a Privacy policy on an old Samsung phone (with Android) once. I don’t remember if it was for Android or for the phone, but the functions I read about was not in Googles privacy policy for Android when I later read it on the internet, so I suppose it was Samsung that had added some “stuff”. It pretty much said that they had access to see everything you did on that phone.

Also, rumors has it that Windows 8 is littered with spy functions. I don’t know if it is true, however.

I also read somewhere that Apple can access the pictures in iPhones. When I tried searching for it later, it was nowhere to be found. Maybe it was also just a rumor.
However, if it is true, it is extra alarming because it doesn’t just affect the user, but also everyone who has their photo taken with an iPhone.

Anonymous

January 11, 2013

“I didn’t know if I should expect this kind of behaviour from Nokia”

What, you didn’t expect a service from Nokia would work exactly as it is described?
You can’t use the browser if you don’t agree upon how it functions from the first start page.

It clearly states it decrypts Https in the description.

Ano Nymous

January 14, 2013

I didn’t know if I should expect surveillance from that company or not. The last Nokia phone I had was a 3310, so I haven’t read any agreements or policies from Nokia in a long time.

The 3310 was before both the use of internet in cell phones (Nokia 3330, the model after 3310, looked exactly the same but different colors and it had WAP) and the hype of spying on users in order to sell information about them. Good times for privacy, but it didn’t have so many uses beside calling and texting.

Ian Farquhar

January 12, 2013

With respect, I think you’re failing to see the wood for the trees here.

The problem here is inadequate disclosure, not some evil plan to intercept traffic.

Remember that Nokia writes all of the code that traffic runs through anyway: users who use their software are already committing a significant amount of trust to their integrity. I would argue that the SSL inspection is unwise, but fundamentally, you’re using Nokia’s SSL libraries (and almost certainly keys generated by them) anyway. What they’re doing – basically WAN acceleration for low-performance handsets – is not technically invalid.

The issue here is that Nokia failed to provide users with sufficient disclosure of their the fact that their traffic, including SSL traffic, is exposed as plaintext inside Nokia networks. With proper disclosure, users could make the right choice to perform their sensitive transactions on the device.

It must always be remembered that users equate an established SSL session with secure. In reality, it pre-supposed the existence of a small number of highly trustable CA’s who would exercise the levels of diligence that governments use to protect their key hierarchies. The proliferation of multinational, bargain-basement CA’s; the lack of auditing, consistency, accountability and oversight of CA operations; the widespread introduction of SSL inspection; the poor user design of ALL browsers; the poor understanding of users…. I could go on for a while.

SSL in web browsers is severely compromised.

So I’m really unphased by this “revelation” from Nokia, in the absence of other indicators of compromise (for example, if it was shown Nokia was misusing the info).

What this article is doing and by this is doing wrong, it assumes:
– an evil reason for Nokia to do this
– and that Nokia will spy on that data.

For both there are no reasons to believe this.

And to correct this Opera mini do it exactly the same way. I just tried to access a https page using Opera mini and it show up. Another page (that of my bank) failed (show empty) but I expect the bank to block the access from the proxy server here.

The reason for doing this kind of processing is that the feature provided by this kind of browser is very high compression of data required to be received upon surfing the web. This is something which is quite helpful here in Europe and possibly required in countries like India where mobile network data rates are very low.

To do so, the images are scaled down, since high resolution is not required for mobile devices. This saves a lot of data easily. Further the text is compressed and may be (as someone explained above for Opera mini) translated to a more compact and pre-rendered form of description language than HTML. I.e. Opera mini here shows a raw to transmitted data rate of above 10 to 1.

So to do this you need to have access to plain unencrypted data on proxy server. So that is the reason why both Opera mini as well as Nokia Xpress browser unencrypt the date here, pre-render and compress the data here and then send it to the browser.

Note: That by no means you can compress encrypted data. Encrypted data has a random distribution of “Symbols” in it, so you cannot compress this.

There is absolutly no reason which indicates that one of them either Nokia or Opera is doing something else than decrypting the data, pre-render and compress the data and then send it to the browser (hopefully encryped). So to claim that Nokia (or Opera) is spying on that data is wrong and abusive!

So please step down a bit. Sure this means a security problem for users, but users are informed about this. They have to decide for which purposes to use this kind of browser and for which better use the standard browser. It also depends how far you trust Nokia or Opera. But this question of trust also comes to mind if you present i.e. your credit card data to a store you do not know. There it also does not help that this store uses SSL.

Sten

January 13, 2013

Rick, you have done it again!
You claim to have discovered and unveiled something that was not hidden nor was it a secret and nor a conspiracy.
How is the case – in regards of the alleged ACTA picture poster copyright infringement – going?

cal

January 13, 2013

[i]…Security researcher Gaurang Pandya posted an article …[/i]
Wrong

Sten

January 22, 2013

And then Rick turned it into:
“Every connection advertised as secure – banking, social networks, dating, corporate secrets – has been covertly wiretapped by Nokia themselves and decrypted for analysis.”

JustMe

January 13, 2013

This article was a waste of time. Please dont lose the focus Rick.

Vennom

January 14, 2013

This isn’t actually that odd thing to happen. This has been done by other phone manufactures already earlier and I think they still do it for mainly speed optimization features. Some of them have though changed https proxying similarilly as Nokia did, that just slows down the experience on those devices. It seems that someone has to be the fearmonger and this time it was you. 😉

Rick said:
> The whole point of using end-to-end encryption is that you don’t
> have to trust anybody. SSL interception is a breach of this, and I
> won’t be using anybody’s services that tries to present an
> eavesdropped connection as an end-to-end secure connection.

Ah, wouldn’t it be wonderful if such a system existed?

But it doesn’t, and is almost certainly impossible (Gödel’s incompleteness theorem). Even for pre-placed keys, you need to trust the other communicating party.

Fundamentally, SSL with PKI works by moving your trust to a series of organizations PKI called “Certificate Authorities”. These organizations you trust implicitly, without any basis within the system for doing so (Gödel would call them axioms). Go look at the list in your browser: you’ll get a shock at (1) how many you trust, and (2) the nature of some of the organizations which you implicitly trust.

Your browser – and in this case Nokia – provides a list of CA’s which are considered “trusted”. If the certificate APPARENTLY presented by the server is signed by one of these CAs, you trust the connection.

Got it so far?

What Nokia has almost certainly done is to include a CA they own in the list, which is authorized to sign anything. This is how SSL inspection works: by “poisoning” the list with a CA the intercepting party controls, then having the “device in the middle” present a faked cert instead of the real cert the real site provides, it can insert itself in the middle ALMOST transparently.

Smart users will check the issuing CA and notice it’s not one they expect, but very few people do that. And it’s not unreasonable, because so many people have taught them “a green padlock means it’s secure”. No, it doesn’t. It just means something has given you a cert which was produced by your trusted CA list. Whether you SHOULD trust that cert is something you cannot prove within the logic of this protocol.

This is how SSL inspection works.

In fairness to the browser makers, they’re trying to improve things. But there are so many fundamental issues which the design of PKI, there’s a limit to what they can do.

SSL is insecure

February 15, 2013

‘ It just means something has given you a cert which was produced by your trusted CA list. Whether you SHOULD trust that cert is something you cannot prove within the logic of this protocol.’

And it doesn’t even mean your connection with the certificate holder is secure, as 1024-bit RSA (which most websites use) can be broken and intercepted. Further 128-bit RC4 is used for the encapsulated data, so it can be decrypted by a determined 3rd party without interfering with the SSL handshake protocol.

Hey pirate boy, you said
“If you see something you don’t like, contribute with something you do like.
Cheers,
Rick”

Well, make that a moto for life can you? Because all this pirate shit you do here is only about crying out how big companies as bad and all that hippie bulshit.

Nokia is a great company that creates a lot of new technology that help develop our modern world.
Nokia company has made much more beneffit to the world than your pirate bay ever will.
This SSL certificate thing on a specific browser they developed is nothing but a bad delevoper choice, probably based on traffic and network cost/speed. Or can you prove that they are storing all users bank password and intent to access theier account with that? No you cant, they are no doint it. Thats a pirate bay business.

Stop with all that apocalypse hippier anti corporate bullshit and contribute with something to the world, something YOU created for the better.

Anonymouse-Q

January 28, 2013

….BlackBerry

jeez

February 11, 2013

“Nokia has pushed out a new version of their browser which removes the Man-in-the-Middle attack”.
Does that mean I can’t “get faster web browsing and more value and blahblah…” no more? That’s pity :]

SSL is insecure

February 15, 2013

Anyone that trusts SSL, doesn’t really understand how SSL works.

1. SSL as implemented by standard browsers has a list of certificate authorities so long, that it is virtually guaranteed that someone can issue a fake certificate for any site you connect to. Using a plugin like Perspectives for Firefox that provides notary results for ssl connections might mitigate this to some extent. SSL in more constrained uses where only a single certificate authority (controlled by the user of the system) is somewhat more secure.

2. SSL is based on RSA (Diffie-Hellman) key exchange, which is trivially broken for 1024bit keys, and non-trivially broken for 2048 bit keys (William Binney, ex-NSA revealed that the NSA is able to break 2048 bit RSA).

For some real-world examples of how fucking insecure SSL is in the realworld:
Youtube: 128-bit RC4 (broken), 1024bit RSA (broken) and SHA-1 hashing (cryptographically reduced but not broken)
Facebook: 128bit RC4 (broken), 1024bit RSA (broken), SHA-1 hash
Google: 128b RC4, 1024b RSA, SHA1
falkvinge.net: 2048b RSA, SHA1, certificate is not scoped, and can be forged by other cloudflare sites. site is not fully encrypted when accessed under SSL.
Bank of America: 128b RC4 (broken), 2048b RSA, SHA1, starting to get suspicious that my build of Firefox is requesting RC4..

Incorrectly and insecurely implemented SSL is everywhere, and the whole CA system is based on a web of trust with no real trust in it. People see the padlock icon and assume they are secure, when the reality is not entirely clear-cut.

The main function is to conduct comprehensive research on consumer behavior, the
consumers’ understanding of a particular item, its use and its relevance in a community, as
well as analyzing the variances in demand. Our life is full of little and big events
that ultimately affect our self-esteem. I didn’t have any problems going back and turning in all four at once, but he apparently has a tendency to
bug out and not recognize some of your recruits if you bunch them together.

Meta

All original text on this site is under a Creative Commons Zero license ("public domain"). That includes any comments you submit. Syndicated articles that were first published elsewhere (clearly marked as such) are under the original license, typically a very permissive Creative Commons. Powered by Probewise.